Response to Arguments

Applicant's arguments, see appeal brief, filed March 26, 2007, with respect to the
rejection(s) of claim(s) 1-20 under 35 USC 102 have been fully considered and are
persuasive. Therefore, the rejection has been withdrawn. However, upon further
consideration, a new ground(s) of rejection is made in view of 112 1st.

Kadyk et al. disclose per ([0062]) "Authenticate challenges issued by server or 
cascaded proxy 506a, authentication responses from client 502, and data exchanged 
between client 502 and server or cascaded proxy 506a, travel through the insecure 
client-proxy connection" reads on claim limitations "communicating authentication 
information including plain text unencrypted information and the obscured username 
over a non-secure communication channel from a client." Kadyk et al. discloses per 
[0045], "The basic directive indicates that basic authorization follows the directive. 
Similarly, the digest directive indicates that digest authorization is being supplied for the 
username in the server-defined realm identified in header 246a." 

One of ordinary skill in the art would know that encapsulating in the art is different
than encryption and that is clearly the intended use by Kadyk per [0018], which discloses
"The resulting secure end-to-end connection between the client and the server is 
encapsulated within the insecure client-proxy connection. However, because the 
insecure client-proxy connection does not perform any encryption or decryption of the 
data it carries, only minimal overhead on communication between the client and server 
is introduced by the encapsulation."

Claim Rejections - 35 USC §112

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 1, 10 and 14 are rejected under 35 U.S.C. 112, first paragraph, as failing
to comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. 

As per claim 1, the recited claim limitations disclose "communicating
authentication information including plain text unencrypted information and the obscured
username over a non-secure communication channel from a client." As per claim 10,
the recited limitations disclose "communication of the obscure version of the plain text
user identifier and the plain text unencrypted information over a plain text
communication channel." Claim 14 recites "a client device being configured to
communicate plain text unencrypted information over unsecure communications
channels using an obscured user identifier."

A review of applicant's disclosure per page 7, lines 4-6, or [0027] discloses
"Once the username is encrypted or obscured, a step 240 is performed in which the
encrypted and non-encrypted username are registered or stored on the server using a
secure channel." Non-encrypted username is interpreted as plain text username, and
encrypted username is interpreted as obscure username when reading the claims in
light of the specification. Nowhere does applicant's disclosure mention that both the
"including plain text unencrypted information and the obscured username over a
non-secure communication channel from a client"

To continue, applicant's disclosure mentions per [0006], "The system can include
the creation of an obscured username that is communicated over a unsecure
communication channel, such as, a wireless communication channel, without
disclosing identification information to third parties ... Both the obscured username and
plain text username are stored at the client device such that the obscured username is
communicated over unsecure channels when the user enters the plain text
username." The examiner fails yet to see where in the cited disclosure both the
plain text and the obscured username are communicated over the unsecure channel.

Disclosure per [0007] discloses "This method can include obtaining a plain
text username over a secure communication channel." Examiner once again fails to
see where in the written disclosure the plain text username is communicated over a
non-secure communication channel. The above passage shows differently from the
recited claim limitation, which claims "communicating authentication information including
plain text unencrypted information and the obscured username over a non-secure
communication channel from a client." To continue further, [0008] discloses "registering
a user with a selected server by requesting and receiving a plain text user identifier,
creating an obscure version of the plain text user identifier, and storing the plain text
user identifier and the obscure version of the plain text user identifier on the selected
server." This passage shows that the obscure version is created from the plain text
username.

Application/Control Number: 10/074,625
Art Unit: 2141

To add with similar logic, [0021] discloses "Once encrypted, the username can be
registered on server 120 with the existing, unencrypted username over a secure
channel. The obscured username can be used over an unsecure channel without
providing hints as to the real user." If applicant is so inclined, the applicant can clearly
point out, so as to be clear on the record, where in the specification the written
description mentions "communicating authentication information including plain text
unencrypted information and the obscured username over a non-secure communication
channel from a client." Similar logic as described above, which will not be pasted below,
applies for claims 10 and 14.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language. 

Claims 1-20 are rejected under 35 U.S.C. 102(e) as being anticipated by Kadyk 
et al. - hereinafter Kadyk - (US 2002/0157019)

As per claim 1, Kadyk discloses a method of protecting a username during
authentication, the method comprising: 

obtaining a plain text username over a secure communication channel; obtaining 
a server identifier for a server; ([0045]; basic authorization supports limitation of plain 
text username; [0049]; the sockets layer ("SSL") connection meets the limitation for the 
"secure communication channel", Figure 2 item 230; act of obtaining a plain text 
username, [0049]; Figure 3A: item 330) 

obscuring the plain text username using the server identifier; ([0007], [0045]; 
digest authorization hashes the user name) 

providing the obscured username and the plain text username to the server; and 
([0045], Figure 2B-1: items 224b, 226b) 

communicating authentication information including plain text unencrypted 
information and the obscured username over a non-secure communication channel 
from a client. ([0012]-[0013], [0060]-[0062]; reference 550 finally shows a step for
encapsulating the secure end-to-end connection within the now insecure client-proxy 
connection.) 

As per claim 2, Kadyk discloses the method of claim 1 wherein the server
identifier is a uniform resource locator (URL) corresponding to the server. ([0053]; http -
hypertext transfer protocol refers to a URL; uniform resource locator)

As per claim 3, Kadyk discloses the method of claim 1, wherein the server
identifier is an authentication domain corresponding to the server. ([0047])

As per claim 4, Kadyk discloses the method of claim 1, wherein obscuring the
plain text username using the server identifier comprises encrypting the plain text
username using an encryption method. ([0045]; digest authorization hashes the user
name)

As per claim 5, Kadyk discloses the method of claim 17 wherein the encryption
method is advanced encryption standard (AES). ([0045]; digest authorization is an
advanced encryption standard)

As per claim 6, Kadyk discloses the method of claim 1, wherein the client is a
wireless device. ([0043]; wireless link)

As per claim 7, Kadyk discloses the method of claim 1, wherein obtaining a plain
text username over a secure communication channel comprises establishing an
encrypted communication session between the user and the server and communicating
a plain text username from the user to the server. ([0035]; basic authorization supports
plain text username)

As per claim 8, Kadyk discloses the method of claim 1, wherein the
authentication information satisfies a plain text, unencrypted authentication scheme.
([0045]; basic authorization meets the limitations of plain text, unencrypted
authentication scheme)

As per claim 9, Kadyk discloses the method of claim 1, wherein the server
identifier is a combination of an authentication domain and a uniform resource locator
(URL) of the server. ([0047]; [0053]; http - hypertext transfer protocol refers to a URL;
uniform resource locator)

As per claim 10, Kadyk discloses a username protection process comprising:
registering a user with a selected server by requesting and receiving a plain text
user identifier, creating an obscure version of the plain text user identifier, and storing
the plain text user identifier and the obscure version of the plain text user identifier on
the selected server; and ([0040], [0045]; basic authorization supports limitation of plain
text username. Figure 2 item 230; act of obtaining a plain text username)

initiating a communication session between the user and the selected server by
the communication of the obscure version of the plain text user identifier and plain text
unencrypted information over a plain text communication channel. ([0012]-[0013], [0060]-
[0062]; finally, reference 550 shows a step for encapsulating the secure end-to-end
connection within the now insecure client-proxy connection.)

As per claim 11, Kadyk discloses the process of claim 10, wherein the user is a
wireless client device communicating over a non-encrypted channel. ([0043]; wireless
link)

As per claim 12, Kadyk discloses the process of claim 10, wherein
communication over a plain text channel involves the obscure version of the plain text
user identifier and communication over a secure channel can use the plain text user
identifier. ([0045]; digest authorization hashes the user name as far as the limitation of
the obscure version of the plain text user identifier, [0061]; finally, reference 550 shows
a step for encapsulating the secure end-to-end connection within the now insecure
client-proxy connection.)

As per claim 13, Kadyk discloses the process of claim 10, wherein the obscure
version of the plain text user identifier is stored on the user device. ([0040], [0045];
digest authorization hashes the user name)

As per claim 14, Kadyk discloses a system for protecting a username during
authentication over a non-encrypted channel, system comprising:

a client device being configured to communicate plain text unencrypted
information over unsecure communication channels using an obscured user identifier;
and ([0053]-[0056]; [0060]-[0062]; Figure 4: item 402)

a server having stored therein a plain text user identifier communicated by
the client device over a secure communication channel and an obscured user identifier
corresponding to the plain text user identifier. ([0053]-[0056]; Figure 4: item 406)

As per claim 15, Kadyk discloses the system of claim 14, further comprising a
registration device being configured to communicate information over secure
communication channels. ([0053]-[0056]; Figure 4: item 404)

As per claim 16, Kadyk discloses the system of claim 15, wherein the client
device and registration device are the same device. ([0027])

As per claim 17, Kadyk discloses the system of claim 14, wherein the client
device does not encrypt communication when communicating with the obscured user
identifier created from the plain text user identifier. ([0045]; basic authorization does not
encrypt communication, [0053]-[0056])

As per claim 18, Kadyk discloses the system of claim 14, wherein the client
device has stored therein the plain text user identifier and the obscured user identifier.
([0040], [0045])

As per claim 19, Kadyk discloses the system of claim 14, wherein the obscured
user identifier corresponding to the plain text user identifier is created by encrypting the
plain text user identifier with a key. ([0045]; digest authorization hashes the user name,
[0050])

As per claim 20, Kadyk discloses the system of claim 19, wherein the key is
based on the uniform resource locator (URL) of the server or an authentication domain
of the server. ([0047]; [0053]; http - hypertext transfer protocol refers to a URL;
uniform resource locator)

Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Chirag R Patel whose telephone number is (571) 272-7966.
The examiner can normally be reached on Monday to Friday from 7:30AM to
4:00PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Rupal Dharia, can be reached on (571) 272-3880. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from
the Patent Application Information Retrieval (PAIR) system. Status information
for published applications may be obtained from either Private PAIR or Public
PAIR. Status information for unpublished applications is available through
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197
(toll free).

Chirag Patel 
Patent Examiner 
AU2141

CP.